Mahdi is computer malware that was initially discovered in February 2012 and was reported in July of that year.[1] According to Kaspersky Lab and Seculert (an Israeli security firm which discovered the malware), the software has been used for targeted cyber espionage since December 2011, infecting at least 800 computers in Iran and other Middle Eastern countries. Mahdi is named after files used in the malware and refers to the Muslim figure.[2]
Seculert and Kaspersky named the malware after "Mehdi" because the attackers put a folder with the same name in the infected computers in order to spread malware. According to the security experts, Mahdi malware works apparently at a lower level than Stuxnet and is made using existing public softwares.[3]
The targets of this malware include sensitive infrastructure companies, computers of engineering students, financial service institutions, and official government embassies. The most infection with this malware has been reported in Iran.[4]
Mahdi malware allows attackers to steal files from an infected computer and monitor emails and text messages/chats. It can also record sounds, register keys pressed on the computer keyboard and take pictures of the activities shown on the computer monitor screen. Also, a text file named "mahdi.txt" is included in the malware program on the infected computer.[5] [6]